www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Captive Portal X509 CommonName

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Signal a BUG
View previous topic :: View next topic  
Author Message
gareththered



Joined: 29 Oct 2017
Posts: 1

PostPosted: Sun Oct 29, 2017 9:20 pm    Post subject: Captive Portal X509 CommonName Reply with quote

ZS has the option to use the commonName from an X509 certificate instead of the IP address of the server in the redirect and popups.

The latest X509 recommendation is to not use a FQDN as a commonName, but instead add the FQDN to the SubjectAlternateName extensions. Meanwhile, the commonName should be an unique text.

However, if text (as opposed to a FQDN) is used for a certificate's commonName, the redirect will fail. What's worse - if this text has a space the captive portal will not start.

I believe the Use CN to redirect should be replaced with either:

  • text box where the administrator can enter the FQDN
  • the FQDN of the server
  • a selection of all the SubjectAlterateNames from within the X509 certificate.

The latest browsers ignore FQDN in the commonName field and only look in the SubjectAlternateName extension; therefore this option is deprecated.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Signal a BUG All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group